Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
418
Views
0
Helpful
2
Replies
Highlighted
Antonio Macia
Participant
Participant
‎06-05-2020 01:40 AM
‎06-05-2020 01:40 AM

Certificate and SAML auth with AnyConnect

Hi,

Is it possible to perform certificate authentication in ASA with AnyConnect together with SAML using Cisco DUO Access Gateway?

 

Thanks.

Labels:
0 Helpful
2 REPLIES 2
Highlighted
Rob Ingram
VIP Advisor VIP Advisor
VIP Advisor
‎06-05-2020 01:56 AM
‎06-05-2020 01:56 AM

Hi,

Yes that should be possible. With the ASA, under the tunnel-group configuration you can specify "aaa" for the DUO authentication AND "certificate" for the certificate authentication. The ASA will need to trust and validate the certificate presented by the client computer.

 

tunnel-group RAVPN webvpn-attributes
 authentication aaa certificate

HTH

0 Helpful
Highlighted
Antonio Macia
Participant
Participant
In response to Rob Ingram
‎06-05-2020 02:09 AM
‎06-05-2020 02:09 AM

Hi,

 

I already tried that but it doesn't work. Notice that selecting any other option different from "SAML" will make ASA to ignore the SAML Server configured below and use only the AAA server defined.

It should work using the DUO's Authentication Proxy as secondary AAA server, since it is a regular RADIUS server, but it has some limitations compared with the Access Gateway.

 

Regards.

0 Helpful
Latest Contents
Cisco VPN Client - AnyConnect: connection problems
Created by ShamilaGul58174 on 09-19-2020 07:49 AM
1
0
1
0
the Cisco CPN Client for a long time to connect to a VPN Server. Now I've got a new machine with a Windows 7 64 bit. The Cisco VPN Client isn't avaiable in a 64 bit version. Cisco suggests to use Cisco AnyConnect instead because there'a 64 bit version ava... view more
How To: Splunk and ISE pxGrid Adaptive Network Control (ANC)...
Created by thomas on 09-18-2020 11:19 AM
2
2
2
2
May 2016Splunk is a powerful tool for analyzing information in your organization by collecting, storing, alerting, reporting, and analyzing machine data. With Cisco platform Exchange Grid (pxGrid) Splunk is able to proactively act on received network secu... view more
Enabling AMP on Content Security Products – Best Practices
Created by Robert Sherwin on 09-18-2020 11:19 AM
1
10
1
10
8/7/2018 Happy to announce that we have an updated version of our Enabling AMP on Content Security Products - Best Practices (v3.0).  Please feel free to review if you have questions regarding deployment of AMP (File Reputation and File Analysis). &n... view more
NetFlow Support Matrix
Created by hanjabbo on 09-18-2020 11:19 AM
13
79
13
79
Updated: July 2018 New: Updated format , Netflow configuration examples per platform (End of Table) Note: Remember the table is scrollable horizontally to view other columns, not only vertically   Platform Feature Set IOS / IOS XE NetFlow F... view more
Email Security Content Tailored For You
Created by ashherri on 09-18-2020 11:19 AM
0
0
0
0
                                                                        &... view more
Content for Community-Ad
Cisco Community August2020 Spotlight Award Winners

Follow our Social Media Channels